Navigating to Buy pfSense +
-
@michmoor said in Navigating to Buy pfSense +:
@Amodin why can't you do CE?
What specifically was a feature you needed on Plus that you can't get on CE?
It's really not about 'features' at this point, it's principles. I don't need the boot environment feature.
From my understanding while researching a new solution after deciding to get out of Sophos, CE is apparently an afterthought of sorts and doesn't stay consistently updated. Plus was more updated to stay current, that's important to me. I don't want to use something that I use for a solution that isn't being updated.
You're missing all the buzzy PR word usage they are applying to CE and this continued use of Plus. There's no question in my mind that free/home use is going to be phased out down the road. They of course won't come out and say that - dangling carrots and all. I get it - it's a business model that generates revenue. I'm not interested in paid support - if I have a problem, I'll fix it on my own, wait for a fix if it's not mission critical or replace it. The community that is faithful to this project are the ones that are paying the price because of resellers. Instead of tackling the problem, they are tackling the user-base. I have a problem with that. Like I said, principles.
@GPz1100 said in Navigating to Buy pfSense +:
@SteveITS said in Navigating to Buy pfSense +:
I think some people are interpreting this change as "CE is going away" which has not been said and I very much doubt is the case.
Steve, I've seen this happen with sophos UTM (both home and commercial product). For the last many years, new features have been minimal to none. Mainly security and some bug fixes. I'd say it's even fair to say the platform has been on life support for many years now (as a user of it for 7). Earlier this year sophos finally announced an EOL date - 6/2026. Three years from now. While support/updates are minimal, at least there is some support.
I have a feeling the same will be seen with the CE version. NG's press release used the term "may". By now we all know what "may" really means.
This right here. I left Sophos for this very reason - empty promises and about principle. I understand them wanting to EoL the UTM product, really I do. But they were pushing their users into something that many of us proved to them wasn't ready and their new product is absolutely sub-standard. They ignored us, and continue to flounder like fish out of water, IMHO.
-
-
@Amodin said in Navigating to Buy pfSense +:
It's really not about 'features' at this point, it's principles. I don't need the boot environment feature.
From my understanding while researching a new solution after deciding to get out of Sophos, CE is apparently an afterthought of sorts and doesn't stay consistently updated. Plus was more updated to stay current, that's important to me. I don't want to use something that I use for a solution that isn't being updated.
You're missing all the buzzy PR word usage they are applying to CE and this continued use of Plus. There's no question in my mind that free/home use is going to be phased out down the road. They of course won't come out and say that - dangling carrots and all. I get it - it's a business model that generates revenue. I'm not interested in paid support - if I have a problem, I'll fix it on my own, wait for a fix if it's not mission critical or replace it. The community that is faithful to this project are the ones that are paying the price because of resellers. Instead of tackling the problem, they are tackling the user-base. I have a problem with that. Like I said, principles.
Well, as for resellers I think Netgate made it too easy to get the free licenses as it's automated on the website without any kind of verification. If it's a manual process via Netgate sales it might resolve it?
-
This whole announcement just seems strange and short sighted on Netgate's part. First, it's important to realize that it really only affects individuals and small companies/organizations. Larger companies using Netgate are already paying for a higher tier of Tac licensing. Second, Netgate must understand that these individuals and smaller companies/organizations are not going to convert to a higher tier of Tac licensing. It simply isn't worth it for them and they will quickly find a cheaper alternative. I don't think Netgate actually expects any of them to pay up. (If they do, see my second conclusion below).
Of course you can buy a Netgate appliance and get a lifetime (of the device) license of Tac-Lite for free. At first glance, this might appear like a pure money grab on Netgate's part by pushing these individuals and small companies/organizations to buy their appliances. But the fact is that long term, Netgate would make a lot more money selling yearly $129 Tac-Lite licenses on white box devices than they will by selling their own appliances. The appliance does not provide annual revenue and the profit margins are lower due to the manufacturing costs of the appliance (ie selling a $599 appliance doesn't produce $599 in profit for Netgate). Meanwhile a yearly licensing fee has extremely high margins (as in it's nearly 100% pure profit) and provides a source of yearly income.
At best, all Netgate is going to do is push a lot of individuals and small companies/organizations to purchase a Netgate appliance for between $189-$599. This will result in a small increase in short term profitability, but it also means they will never see another dime from those users because there is no annual licensing fee required with those appliances. At worst, Netgate is pushing those clients away to the competition all while alienating them as well. That group also tends to be very vocal on social media and I honestly think the backlash, while it won't last forever, is actually going to cost Netgate more than any of the small bump in profitability they might see through appliance sales. Alternatively, they could have started charging the $125 annual Tac-Lite license and collected that from a large number of users each year and not alienated a large portion of their user base.
This leads me to just three logical conclusions. #1 Netgate is so cash strapped that they would rather monetize a couple years worth of license fees at once by forcing people to purchase one of their appliances instead of capitalizing on a yearly licensing fee. If that is true, it doesn't bode well for the long term sustainability of the company. #2 The leadership of Netgate is literally out of their minds. I have no idea who would have run the financial numbers on this decision and decided it was worth doing. #3 Netgate is planning on changing to a "large company" solution only. They will eventually drop pfSense CE because it costs too much money to maintain with zero benefit to the company once they put all of their focus on the "white whale" companies.
While I would love to believe that conclusion #2 is true, I suspect conclusion #3 is what will ultimately play out. I haven't been one to think that Netgate was "going to drop CE" until now, but I'm guessing that within 3-5 years CE will effectively be unsupported and Netgate will have priced things to the point that only large companies are using pfSense.
-
Hoping that Netgate reconsiders and creates an affordable whitebox license for home users. Paying for value is fair. I'd personally be willing to pay $129/year and continue to be a promoter of pfSense+ in my professional & personal communities.
$399/year would more than double many (most?) home users' yearly spend on networking gear. Switching from a whitebox to a Netgate box to drop support costs to the (soon to be) $129/year TAC Lite subscription isn't a clear win from a total cost perspective either. Smaller whiteboxes suited for home use -- handful of 2.5 Gbps ports with good performance -- are substantially less expensive and varied from a price/performance perspective than Netgate's comparable offerings.
I switched to pfSense+ for L3 from another vendor's product (the other vendor includes a perpetual zero-cost license with equipment purchase). pfSense+ provided functionality and performance not available with that other equipment. My network is "better" in a number of ways with pfSense+, but it's not clear to me that it's $399/year better.
Perhaps there are technical mechanisms that could ensure a less expensive home entitlement isn't abused: just as an example, limiting the state table to 10k states.
-
23.09.b.20231023.1701 will this be the last version for Plus (Home) or will they at least give us the final version 23.09? And what version of CE can I upgrade to? As I understand it, the CE config is older.
Personally, I am not bothered by this situation if we are given the opportunity to switch to CE without any problems.
-
@marcg said in Navigating to Buy pfSense +:
Hoping that Netgate reconsiders and creates an affordable whitebox license for home users. Paying for value is fair. I'd personally be willing to pay $129/year and continue to be a promoter of pfSense+ in my professional & personal communities.
$399/year would more than double many (most?) home users' yearly spend on networking gear. Switching from a whitebox to a Netgate box to drop support to the (soon to be) $129/year TAC Lite subscription isn't a clear win from a total cost perspective either. Smaller whiteboxes suited for home use -- handful of 2.5 Gbps ports with good performance -- are substantially less expensive and varied from a price/performance perspective than Netgate's comparable offerings.
Perhaps there are technical mechanisms that could ensure a less expensive home entitlement isn't abused: just as an example, limiting the state table to 10k states.
While I wouldn't be against even paying a small yearly fee, I'd like to address your technical limitations as well:
Sophos did this and you had (HAD) two options - either use UTM and your IP limitation was at 50 IPs, or go to their SFOS solution, have unlimited IPs, but the hardware limitations were in place - being allowed to run minimal (read substandard) hardware limits (4-core, 6GB limits) for their new solution turned it into an overstuff pack mule trying to climb a 50-degree incline. So, the 50 IP limit seemed like still the better choice - then they discontinued that product allowing it altogether and made no accommodation for the only solution available now through Sophos.
So, you may have fantastic hardware, but limited so badly, Snort doesn't even run at an acceptable pace, and per Sophos standards, wouldn't even update the backend appropriately to the point where NIC drivers were never allowed to be updated, no updates to the inner workings utilized with their solution, such as Snort being multi-threaded now at Version 3, while Sophos still runs 32-bit Snort. Things like this are the death of teeter-tottering, back and forth which makes the user even more bitter about being limited. It's NOT a decent solution. A better solution for this issue would be better management of licensing, quite frankly.
-
I'm not really sure why everyone is getting their panties-in-a-wad here.
I think most folks, saw or should have, when the + version was introduced that changes were coming. After all Netgate is a commercial company in business to make money. I don't recall them ever promising that we as home users would be guaranteed a version with all the bells and whistles that their paying commercial customers get. As far as the $129 price I see folks commenting on, I don't remember that being cast in stone. I for one will stay with the CE version. Actually they never even promised us that the CE version would remain with the features that are in the + version. I'll stay with the CE version till it no longer suits my needs and then I'll move on.
Too bad they don't make a version based on Linux given all the problems happening with BSD, FreeBSD, etc but this has nothing to do with Netgate/pfSense tho.
-
@Viper_Rus said in Navigating to Buy pfSense +:
what version of CE can I upgrade to? As I understand it, the CE config is older.
see above:
@SteveITS said in Navigating to Buy pfSense +:
For reference to @mfld and others, there is a chart linked on:
https://docs.netgate.com/pfsense/en/latest/backup/restore-different-version.html
-> https://docs.netgate.com/pfsense/en/latest/releases/versions.html
23.09 will have a newer config file version.
...so if you didn't want to restore a config file from 23.05.1 and catch up on later changes, you could wait until CE 2.8.
They discuss current home+lab users in the blog post. It's a bit vague but sounds to me like there's not a short term concern other than the very problematic case of needing to do a reinstall or make hardware changes.
@jdeloach said in Navigating to Buy pfSense +:
version based on Linux
TNSR is Linux. At one point they did convert from CentOS to Ubuntu and required a reinstall to upgrade. That works in some cases but is a pain when traveling to data centers and (billing to upgrade) clients' sites.
As I alluded to above, having used m0n0wall and pfSense and having sold Netgate hardware quite a long time, I'm still not sure there's a benefit for most people to use Plus over CE. (and if it is that critical, buy a Netgate router...?) I think people made a big deal about the "delay" of CE 2.7 but, big picture, 23.01 was pretty buggy, 23.05 better but still had lots of patches, and 23.05.1 and 2.7 were released pretty much together. As a result we didn't bother upgrading most of our and our clients' routers to 23.01 anyway.
-
@Darkk said in Navigating to Buy pfSense +:
To be honest this is true on any security device
Didn't say it wasn't.
Taking someone like me who manages Fortigate
So me too and Cisco - yup fair share.
aren't they QA'ing their code before releasing it?
No. Because they are profit driven like every company. Testing in a development environment, simply put "testing" cuts into the bottom line.
"If it compiles, ship it" it is entirely on the developer.
They report to shareholders not users.
Your box of corn flakes (or insert cereal preference here) got smaller, the price went up and they called it "new and improved"
No it's not! It is smaller and more expensive. But you will never see the PR say that. That's where we are now, a poorly implemented PR spin
As I've said a couple of times, I'm on Netgate hardware so the CE home thing and use thereof, isn't really an issue for me.
The lack of all the CE users providing input or as you put it "help test and report bugs" however, is part of what concerns me. Unless as part of their corporate plan they plan to increase the testing internally they will end up being no different than a Forti or a Cisco.
If the tide swells too much and they drive a lot of people away, not only does the cost for everyone go up, the product gets stale. Or you know "New and Improved"
Let's face it we've seen this in other companies
"Open Source" because it's great way to build --> migrate to closed source for the ($) -> fail because they become unable to keep up or the product cost too much.
Myself I'm just not sure they are going to get it right longer term and that's a concern. My loss of confidence (or yours and anyone else) means nothing to any company. They need to listen to the home users and respect that.
Yes they have issues but generally those are easier for me to mitigate myself on an Open Netgate, than they are on a Forti or Cisco.
That said, and for entirely different reasons, I stopped recommending Netgate to smaller businesses about 8 months ago. Hard to change that lack of trust back. But here I am still running a 23.09.beta, and by choice. So I haven't left yet.
-
They need to take a look at XCP-ng and Xen Orchestra's playbook on communication and transparency. They post everything about where they are headed and where they want to go. All the way down to what colors they want to use for their front end software. I remember a time where Netgate used to post things like this. One example that comes to mind is the requirement for AES-NI on their upcoming latest version of pfSense and everyone lost their mind over it. But you know what? Netgate took the criticism and didn't make it a requirement because they saw it wasn't sitting well with the community and lose their precious support base for furthering the product.
I'd also like to mention that the most recent "error after upgrade to HAProxy 0.62_1" incident that nbproc is no longer supported in the config file... I was the one who submitted that bug report! An individual who had the plus version on a whitebox and no TAC license. I don't know by how much, but I can see a decline in quality going down if we don't have the ability to use the plus edition and file bug reports.
Don't get me wrong, I want them to make money and I'd gladly pay a reasonable fee to run pfSense at home/Lab. They have to stop this knee jerk reaction and "we will tell you later" nonsense and I think the community would take to more bad news if they had better transparency. Companies will always have it backwards though. Companies always think they are the ones who made their company, but the community is who has made them.
-
@AMG-A35
Moving to OPNsense. Netgate wants to create "revenue stream" using home users, not this user. Netgate promised and broke their promise. No loyalty from me to "Indian givers".
-
I'm finding myself frequently moving my pfSense+ install at home between VMs, adding/removing interfaces, etc. In the past I was relying on being able to just grab a new activation token; but that seems to be no longer the option. Are existing "subscribers" of the Home/Lab license with valid NDI getting the option to transfer the subscription to a new NDI seamlessly (ideally from the UI, without bothering Netgate support)?
I know at this point I should just look into erm; alternatives from other vendors (or just downgrading to CE; which I don't think would work since I think 23.09 is no longer compatible with 2.7 configs); but it would be nice not to have to do it immediately.
-
@adam-lantos So long as you're keeping the quantity of nics the same, reusing the same macs will satisfy the token.
-
I see that in general people expressed their opinions about the latest "ideas" by Netgate.
My 2c.
The plan to charge home users $399 a year is plain stupid. (sorry for being blunt)
If Netgate does not reverse this decision, it will mean that they fight not pirates who install and resell illegally pfSense, but they fight us, the community, home users. This may and will cause some users (maybe myself included) to move from pfSense. As a result, Netgate will lose contributors, testers, enthusiasts etc. and that will make
I pay voluntarily €105/year for Proxmox PVE as I really want to support its product.
Why can't pfSense offer a similar (I asked about it BTW)
Like one guy said recently - don't!
-
@wgstarks said in Navigating to Buy pfSense +:
Netgate has made an official announcement.
They presented their case very well..they're not against home/lab users...it's the misconduct of others who, it seems, desperate for money abusing the kindness of open source to align their pockets...not cool
-
@chudak said in Navigating to Buy pfSense +:
The plan to charge home users $399 a year
That's not their plan...that's for the TAC pro. They haven't determined the price yet, it seems they're seriously thinking about home/lab users and most likely will be priced to encourage continued engagement with the community.
@chudak said in Navigating to Buy pfSense +:
I pay voluntarily €105/year for Proxmox PVE
I plan to do that also soon, it's highly resilient...
-
-
@stephenw10
Figured you a XCP NG guy…
-
-
Why then don't you guys follow up a good path instead of risking all?!